File Uploading Security Patch

Paul Burdick

Posted: 29 May 2007 01:01 PM

[ Ignore ]

Research Scientist

Total Posts: 7534

Joined 2002-08-05

We’ve released a small security patch that corrects a file upload validation issue. This problem only affects file uploads from within the EE control panel (where users must have access and other permissions), so while it is not a serious concern for most sites, all ExpressionEngine users are encouraged to update their files.

If your site is currently running ExpressionEngine 1.5.2, then we suggest you download the most recent build of ExpressionEngine from our download area and update your site following the build update instructions.

If you wish to update just the modified file, then we have provided a stand alone patch for the following listed versions. If you are using a version of ExpressionEngine previous to these, then you must upgrade your site by following the instructions for updating to the most recent version.

- Modified core.upload.php for ExpressionEngine 1.5.2
- Modified core.upload.php for ExpressionEngine 1.5.1
- Modified core.upload.php for ExpressionEngine 1.5.0

* Thanks goes to one of our users who contacted us privately during the weekend and allowed us to confirm the validation problem and create a patch before notifying our community. Kudos.

Signature

Profile

‹‹ Sue Crocker Joins EllisLab Support Team Lisa Wess Joins EllisLab Full-time ››

Username		Remember Me?
Password		forgot password?

Post Marker Legend
	New posts	Hot Topic with new posts	New Poll	Moved Topic	Sticky topic
	No new posts	Hot Topic with no new posts	Old Poll	Closed Topic	Announcements

Visitor Statistics
The most visitors ever was 1149, on July 16, 2007 10:33 AM
Total Registered Members:	58780	Total Logged-in Users:	18
Total Topics:	69462	Total Anonymous Users:	8
Total Replies:	373923	Total Guests:	435
Total Posts:	443385